An article in the Financial Times last year said mobile providers can
"remotely install a piece of software on to any handset, without the
owner's knowledge, which will activate the microphone even when its
owner is not making a call.

4 Answers
4

tl;dr

It may be possible, no one can say for sure. And since no one knows if it's possible you can't block it, because you don't know what and therefore how to block.

But first, let use investigate the statement step by step:

Note that the Article is from 2006

...said mobile providers can...

Google is certainly able to do so, if you are using a Google Services enabled device (usually the ones with "by Google" on the back). But basically every hardware/software manufacturer, whose parts are placed within smartphone (or traditional mobile phone), is able to install backdoors in his products, which could by used third parties to manipulate the device. Either because they bought this access or because the manufacturer is forced to, for example by a (secret) government regulation.

..."remotely install a piece of software on to any handset,..

That's possible and every time you install an app over the Play Store web interface you use this technique.

..without the owner's knowledge,..

Usually you will see visual feedback about the installation process, at least until it's running. But the notification about the new app stays in the notification bar. But no one can rule out that there is a silent install method too.

..which will activate the microphone even when its owner is not making a call...

Android apps are able to activiate the microphone if they have the permission to to so. But if the app came with a silent install method, who knows if the permission for the microphone was also silently given?

And now, how can I protect my privacy?

As soon as you buy a piece of hardware/software without having the ability to verify the hardware and software components for surveillance backdoors, you are lost.

But there are alternatives. There have been attempts to create open source hardware and software for smartphones. Therefore allowing you to review the components for unwanted modules. See for example Opoenmoko.

I would be much more worried about some backdoor in the radio firmware. It receives an SMS and bamm! Your microphone is slaved.
–
Richard BorcsikAug 17 '12 at 10:51

@RichardBorcsik Did I exclude the radio firmware in my answer anywhere? :-)
–
FlowAug 17 '12 at 10:56

1

Nope it just wasn't mentioned while it's a much more realistic threat than Google secretly spying on us. They do that publicly :)
–
Richard BorcsikAug 17 '12 at 11:15

@RichardBorcsik Just edited my post to make clear that Google isn't the only one who's involved.
–
FlowAug 17 '12 at 11:25

1

The above answer applies not only to Android phones, but pretty much to every piece of proprietary connected hardware. PCs, routers, firewalls, and other devices that can connect to the Internet can potentially be avenues for attack.
–
ChahkAug 17 '12 at 14:06

Recently, as far back as the start of this year, there was uproar over a small piece of software which was hidden in certain handsets, and was able to monitor everything - the infamous Carrier-IQ. A bit about the Carrier-IQ as quoted from wikipedia

It provides diagnostic analysis of smartphones to the wireless
industry. The company says that its software is deployed in over 150
million devices worldwide.

Thing is, no one really know for certain if they actually did, as the security world got "excited" about it and started to slam-back on the manufacturers - Apple, HTC, Samsung, Sony, to name but a few. And exposed the ruse behind it, all of a sudden that hype fed its way into the Android world, and guess what happened - an app appeared on the Google Play Store, Carrier-IQ detector.

What I was emphasizing, is how the paranoia made its way into the norms of human emotions - yes, a lot of people were really mad and demanded to know - was there a breach of privacy?

By the way, if you look on the main Carrier-IQ site here, there's a ticker that states as of now, 147,918,175 handsets deployed.... (Ok, am not really sure if they are trolling us with that ticker but questionable as it was stated on the wikipedia that is "deployed in over 150million devices" heck it aint even there!!!)

Yes it is quite possible that there are back-doors available to do just that kind of thing, and is commonly associated with stock ROMs straight from the factory! Zte had one, and was reported a while ago and its publicly available on pastebin. For the sake of historical information, I'll quote it here in case it gets lost.

The ZTE Score M is an Android 2.3.4 (Gingerbread) phone available in
the United States on MetroPCS, made by Chinese telecom ZTE
Corporation.

There is a setuid-root application at /system/bin/sync_agent that
serves no function besides providing a root shell backdoor on the
device. Just give the magic, hard-coded password to get a root shell:

$ sync_agent ztex1609523

id uid=0(root) gid=0(root)

Nice backdoor, ZTE.

It does show one thing and one thing alone, Stock ROMs! All too often people can be naive in thinking that just because its "Stock ROM", it does its job.

Now, not to induce fear or paranoia into anyone, which I certainly would not wish to do so, it helps to have a cool collected thoughts about this.

The dose of reality will hit home, once you realize how, custom ROMs have a better advantage over stock ROMs, they are compiled from source code and is publicly available, such as CyanogenMod, AOSP, CAF, AOKP; rest assured, you will be equally better off with those ROMs in the long term.

Why? For the most part those custom ROMs would be rooted anyway, which will enable you as a user, to have a tight rein on the handset in the way you want it, not some fancy-schmancy stock skin on top of the ROM, such as HTC Sense, Samsung TouchWiz, Sony TimeScape etc. And if the developer of said ROM is trusted to be good, i.e. good community feedback, then yes you would be pretty safe.

What you can do to re-inforce the belief that a custom ROM is better than stock any day is this, knowing that the ROM is rooted, you can use Droidwall/Hi-Surfing, or another type of firewall, to block access to those "sneaky" apps like that. That will put in a level of assurance, but having said that, its not about justifying why having a rooted ROM in the first place, rather its, to empower yourself over the handset and use it in the way you want. If you don't like an app, uninstall it, if an app requires root - then so be it.

It does make you think and ponder for a bit in why carriers would rather have you to be stuck with a stock ROM, and a locked bootloader i.e. "rooting will void the warranty", "unlock the bootloader - you're on your own", but there's always two sides to the same coin, if anyone can get their hands on a handset, and unlock the bootloader, it will simply factory reset and wipe the data upon unlocking and reboot!

So you can see how, from a security viewpoint in what's going on and the decisions involved. I know, when I made a ROM for Zte Blade, I was trusting that the source does not have any malicious code, well, it was coming from AOSP source on google and yes, its rooted, and users feedback is good.

There's a lot of thought in what was said, and yes, that kind of thing can be blocked - If you want to be really secure - block the following under Droidwall here,

With those criteria selected, you will most certainly not be able to download remotely nor sync either. Also, pay attention to the permissions that is asked for by the app on Google Play store, be prudent and you will have nothing to fear.

Technically, its possible. You can visualize it with Play Store scene: Play Store can silently install (when you send signal from web interface) and update apps without owner's knowledge.

Mobile providers can also do this as long as their Trojan app comes pre-installed with device. They can push and install an app to listen your voices.

How to block it?

Root your device and hunt down all apps from mobile providers which could do such nasty things. Google can help. Either remove them from system or block their access to internet using Firewall (there're many firewall apps in Play Store).

Yes. CarrierIQ, Smithlogger, HTC Logger, and a couple of other things are installed onto the device by the carriers.

iPhones are stuck with CIQ, with nothing more than the mere delusion it isn't there or that they can get rid of it when, in fact, they cannot

However, you can get this, which is more helpful if you're rooted, but even without root privileges, it can point you to the opt-out screen for any logging service that may be on your phone.

Furthermore, all this news talk about malware on Androids is crap.
You have to install said "malware" - but the "malware" barely even exists.
So long as you pay attention to what permissions each app you are installing has, you have no chance of anyone leveraging your phone to spy on you.